Hi
Hope this will be of help:
- If you are actually trying to make something secure, you should probably look for a ready-made module. Sorry, I don't know what's considered the best at the moment, you'll have to do some research or wait for someone else to recommend one.
- On the login page, you seem to be checking the username (email address) then checking to see if there is an account with the specified password. Surely you need to check that the password belongs to that user: it looks like you can log into anyones account with your password at the moment. Need to pull out the password from the submitted email address, then check it is equal to the password submitted in the login form.
- To solve the problem you asked about, and anything else that needs password protection, you'll need to keep track of logged in users between pages. You can't just pass round the username, or anyone will be able to access any account by changing the URL/cookie/etc. One way to do this would be to generate a session cookie and keep a record of which account it belongs to. Managing all this is quite complex and I would recommend finding a module.
Anyway depends exactly what you're doing but if you want some kind of security better do some research. Hope someone who knows more than me will provide more useful details..
FVS
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|